Anyone running multiple firewalls in a complex, enterprise environment knows how difficult it can be to catch misconfigurations, avoid conflicting rules, identify vulnerabilities and meet auditing and compliance mandates.

Firewalls form a crucial part of most service providers and enterprises’ security platforms. Maintaining firewall rules and policies is essential to ensure that these firewalls work efficiently and are able to react quickly to any threats. Through its experience working with thousands of organisations, Infradata has encoutered many challenges that can be summarised as follows:

Higher complexity: Enterprises typically have hundreds of firewalls, routers and switches. Each device’s configuration is very complex, involving hundreds of rules. Multiply the two together, and the landscape becomes very difficult to navigate.

Constant change: Large organizations usually have from tens to hundreds of changes per week.

Connectivity: Configuration errors can easily lead to service downtime.

Communication: most change requests are related to application changes and poor communication between the application development and IT security teams.

Compliance: there is a growing number of standards: PCI-DSS, SOX, NERC, etc. Audit preparation is very intricate and resource intensive.

These challenges commonly result in the following situation:

Rules bases become large and tangled over time, due to:

Unused rules and objects

Rules with overlap and shadow

Performance is degraded

Potential security loopholes are not remediated

Maintenance is complex and costly

Infradata offers firewall operation management solutions for security orchestration that is policy and application-centric. This automates risk analysis, design, provisoning and auditing of network security changes. The solution allows for the simplification and automation of security policy management.